Certificate Authority [CA] Implementation Plan

Sample Digi-CA™ Implementation Plan

The most substantial difference between Digi-CA™ and other traditional CAs [1] is the flexibility and capabilities that are central to the design of the Public Key Infrastructure [PKI] system. This means that virtually any type of PKI design can be implemented using Digi-CA™, and because Digi-CA™ is probably the most modern CA available on the market, your specific design requirements can be delivered easily and cost-effectively.

The following subsections provide details of a typical project implementation and its stages. The Preliminary Analysis & Requirement Measurement stage (stage I) comes first and sets the project parameters and requirements from the very beginning of your project:

1. Preliminary Analysis & Requirement Measurement

2. Trust Centre Setup

3. Configuring Multi-Site LDAP Directory Services & LDAP Replication

4. CA Hierarchy & PKI Logical Infrastructure Setup

5. System Integration & Integration Testing

6. Disaster Recovery Setup

7. Functional, Operational & User Acceptability Testing [UAT]

8. Training

9. Production Launch

Preliminary Analysis & Requirement Measurement

1. In-depth analysis and understanding of the concepts, functional and business requirements

2. In-depth Digi-CAST™ analysis of existing application functional layers and associated data flow models and diagrams, and understanding of the concepts, functional and business requirements

6. Digi-CAST™ assessment of whether the Digi-CA™ PKI System requires any related customisations to support specific functional and business requirements through the use of application APIs and custom policy controls

7. Providing detailed information on the analysis, measurements and discoveries performed, in the form of a Digi-CAST™ report

Trust Centre Setup

1. Setup of dedicated Digi-CA™ PKI System hardware and software infrastructure in a secure hosting data centre

2. General testing of new hardware, software and network setup

3. High availability testing of new hardware, software and network setup

4. Backup and recovery tests of new software and network setup

5. Performance testing of new hardware, software and network setup

6. Finalising the setup and providing detailed information on performed activities and test results in the form of a Digi-CAST™ report

Configuring Multi-Site LDAP Directory Services & LDAP Replication

1. Establishing a dedicated secure network channel between the new Trust Centre and local computer centres at two locations

2. Testing the performance and security of the network communication channel between the Trust Centre and each office location

3. Installing and configuring LDAP directory service hardware and software for high availability in the local computer centres

4. Setting up directory replication service [shadow: single-master/multiple-slave replication scheme] between the master LDAP directory service located in the Trust Centre and each slave local LDAP directory service located in each of the computer centres

5. Testing the directory live replication service and high availability mechanisms

6. Performance testing for directory replication service and high availability setup

7. Finalising the setup and providing detailed information on performed activities and test results in the form of a Digi-CAST™ report

CA Hierarchy & PKI Logical Infrastructure Setup

1. Performing a dry run of the Key Ceremony (if required) for CA and Sub-CA

2. Performing a Key Ceremony (if required) for CA and Sub-CA and establishing new CA hierarchy

3. Creating test instances of CA and Sub-CA private key and public key certificate data (for the period of test use only)

4. Finalising the new CA setup and providing detailed information on performed activities and verification results in the form of a Digi-CAST™ report

4. End user private key and public key certificate usability tests with applications

5. End user public key certificate standard life cycle tests including certificate renewal after certificate expiration

6. End user public key certificate custom life cycle tests including certificate revocation, suspension and de-suspension

7. End user public key certificate life cycle test including certificate re-issuance after certificate revocation

8. Integration testing for application and Digi-CA™ PKI System CRL and OCSP services

9. Finalising the test phase and providing detailed information on performed activities and test results in the form of a Digi-CAST™ report

Training

1. Provision of comprehensive Digi-CA™ PKI System documentation in digital and paper format

2. CA Administration staff training

3. CA Security Administration staff training

4. RA Administration staff training

5. RA Operation staff training

6. Finalising the training phase and providing detailed information on performed activities and test results in the form of a Digi-CAST™ report

Production Launch

1. Switching CA hierarchy from test to production environment

2. Finalising the production launch and providing detailed information on performed activities, along with a summarised report for each phase of the project implementation, in the form of a Digi-CAST™ report